Marcos Paulo Ortolani

MARCOS ORTOLANI Focus: CISO | Cybersecurity | Digital Security Manager – Senior Manager Resume Executive with more than 25 years of experience in the areas of cybersecurity and technology. Acting as CISO, leads from the construction of the strategic planning of security and technology areas, structuring budgets and managing the four fronts of analysis, the Red Team, Blue Team, Access Management and GRC; also leading fronts for analyzing the business VS its needs, customer journey and risk, as well as fronts to accelerate operational efficiency. Over the last 16 years worked for the Ultra Group, responsible for the cybersecurity strategy of the group's companies, such as Ipiranga, Ultragas, Ultracargo etc.; with an impact of ˜20,000 employees, remodeling digital security strategies, managing technology project portfolios, structuring internal audits, managing communication and engagement on the subject with companies, as well as restructuring processes, journeys and performance, generating insights for leaders, supporting them in conducting business. Working with IT and OT security, such as network, applications, cloud, endpoint, networks, etc. Specialist in IAM, SOX and response to audits such as PCI and ISO 27001, also has a strong background in project management, also excelling in MW review, assessing risks and pointing out actions, building innovative solutions and keeping up with the market. Degree in Information Technology, also studied cybersecurity at FIAP and FGV. Results-oriented, it supports companies in building high-performance teams and brands. Education • Fundação Getulio Vargas Executive Education, Cybersecurity. Finish: 2022. • FIAP MBA, Cybersecurity. Finish: 2021. • Universidade Paulista Degree, Computer Network Management. Finish: 2005. Languages • Intermediate English • Native Portuguese Licenses and Certificates • MCP Microsoft – Microsoft Work Experience • ULTRA Cybersecurity Manager | Planning, Operations and Performance From 2022 July to 2025 ay. Responsible for the cybersecurity strategy and management of the group's companies, such as Ipiranga, Ultragaz, Ultracargo, etc.; from strategic planning, P&L management and the customer journey within the business, to process structuring (also focused on regulations), Go to Market and people engagement on the subject of security, and participation in the company's main strategic projects. Key activities: + Strategic planning for the area, aligning security with the business strategy + Structuring/managing the P&L, prioritizing investments, renegotiating contracts (focus on efficiency) + Drawing up the operational, risk, training and engagement matrix + Building security policies, processes and journeys + Monitoring existing/updated laws and regulations, such as the LGPD + Working with IT and OT security, with an eye on automation and operational efficiency + Leading Red Teams, Blue Teams, GRC and Access Management + Management of strategic projects, such as those focused on Cloud and MW (deficiencies and notes) + Market analysis, trends and new security technologies + Structuring internal audits (in-house and/or by hiring consultants) + Interface with IT, managing project portfolios (aligning security with each one) + Relationship with all the company's strategic areas + Performance management, structuring indicators and data, generating insights for all leaders + Presenting results and developments to the group's Board + Managing ˜30 people. • Cybersecurity Coordinator | Access Management and GRC From 2019 October to 2022 July. Coordinator responsible for cybersecurity management, mainly of the access and GRC pillars, building strategic and operational plans, mapping the employee journey and analyzing risks to the business, interfacing with all areas of the group's companies. Key activities: + Strategic and operational security planning + Market analysis, trends and new technologies + Looking at the journey of the business and its employees, assessing cyber risks + Building policies, standards and procedures, supporting leaders in data governance + Drawing up a business continuity plan + Working with audits, such as SOX, PCI, ISO27001/27002, LGPD + Implementation and support of access and identity management (IAM) + Looking at automations, as well as compliance with SOX, PCI. Rbac and SoD + Strategies for training and engaging people on the subject of security + Interface with all the company's leaders + Management of 16 people. • Security Analyst From 2011 May to 2019 October. Working with Information Security, mainly in access control, Active Directory, Microsoft Exchang, Enterprise Vault Research for auditing, etc. Key activities: + Prospecting, implementing and administering the CA Identity Management System + Implementation of MDM solutions for digital certificates, especially in Latin America + Administration of TMG, ARS (Active Roles Server) + Management of integration projects through acquisitions and federations + Development of security policies for audits (SOX/ISO/PCI) + Knowledge of ITIL processes. • Network Analyst | Telecommunications From 2009 November to 2011 May. Responsible for data links, upgrades, negotiations with operators, payment control, agreements, contracting, as well as configuring switches, routers, VoIP, ACS and authenticated networks, WiFi networks and data RFP projects. • ULTRACARGO Network Analyst From 2007 June to 2009 November. Responsible for server and Telecom infrastructure, File Server rules, creation of Backup policies, migration of servers in the branches, close relationship with management and the board. • AOL Customer Service Analyst From 2000 December to 2006 April.